Here’s a drawing of what I think might be happening to your private traffic: [image: traffic diagram]
Comment on Traefik conditional certificate for same URL
ramielrowe@lemmy.world 6 months ago
I somewhat wonder if CloudFlare is issuing two different certs. An “internal” cert your servers use to serve to CloudFlare, which uses a private CA only valid for CloudFlare’s internal services. CloudFlare’s tunnel service validates against that internal CA, and then serves traffic using an actual public CA signed cert to public internet traffic.
Honestly though, I kinda think you should just go with serving everything entirely externally. Either you trust CloudFlare’s tunnels, or you don’t. If you don’t trust CloudFlare to protect your services, you shouldn’t be using it at all.
shiftymccool@programming.dev 6 months ago
That’s what I’m settling on. However, it’s not just about trust; some of the services I’m exposing deal with moving files, and I’m mostly interested in the higher speeds associated with local transfers as well as not using up my internet data cap.